There will be a security release of Drupal 7 on Wednesday April 25th 2018 between 16:00 - 18:00 UTC that will fix a critical security vulnerability. Apigee will put this fix into the Cloud hosting platforms immediately after it is released (on April 25) along with another status notification.
Apigee strongly recommends that all customers running a Drupal Developer Portal test and apply the update on all environments, especially production systems as quickly as possible. Instructions are available below. If Cloud customers have not applied the updates by 5PM PST Monday April 30, Apigee will auto-update Dev and Test environments and apply a patch to Production.
Cloud customers hosted on Pantheon: Please apply updates to your site using the Pantheon dashboard: https://docs.apigee.com/api-platform/publish/drupal/working-pantheon#applyinganapigeeupdatetoyourportal
Cloud customers hosted on Acquia: Please use the following instructions to apply updates to your site: https://docs.apigee.com/api-platform/publish/drupal/working-acquia#applying-module-and-theme-updates-to-the-portal
Private Cloud Customers (OPDK) customers: Please upgrade to the latest Drupal version using the following instructions: http://docs.apigee.com/developer-services/content/upgrading-drupal-opdk-installation
More information about this security advisory can be found here: https://www.drupal.org/psa-2018-003